 OpenSSL CHANGES
 _______________

 Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]

  *) Add session ticket override functionality for use by EAP-FAST.
     [Jouni Malinen <j@w1.fi>]

  *) Modify HMAC functions to return a value. Since these can be implemented
     in an ENGINE, errors can occur.
     [Steve Henson]

  *) Type-checked OBJ_bsearch_ex.
     [Ben Laurie]

  *) Type-checked OBJ_bsearch. Also some constification necessitated
     by type-checking. Still to come: TXT_DB, bsearch(?),
     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
     CONF_VALUE.
     [Ben Laurie]

  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
     seconds to a tm structure directly, instead of going through OS
     specific date routines. This avoids any issues with OS routines such
     as the year 2038 bug. New *_adj() functions for ASN1 time structures
     and X509_time_adj_ex() to cover the extended range. The existing
     X509_time_adj() is still usable and will no longer have any date issues.
     [Steve Henson]

  *) Delta CRL support. New use deltas option which will attempt to locate
     and search any appropriate delta CRLs available.

     This work was sponsored by Google.
     [Steve Henson]

  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
     code and add additional score elements. Validate alternate CRL paths
     as part of the CRL checking and indicate a new error "CRL path validation
     error" in this case. Applications wanting additional details can use
     the verify callback and check the new "parent" field. If this is not
     NULL, CRL path validation is taking place. Existing applications won't
     see this because it requires extended CRL support which is off by
     default.

     This work was sponsored by Google.
     [Steve Henson]

  *) Support for freshest CRL extension.

     This work was sponsored by Google.
     [Steve Henson]

  *) Initial indirect CRL support. Currently only supported in the CRLs
     passed directly and not via lookup. Process certificate issuer
     CRL entry extension and look up CRL entries by both issuer name
     and serial number. Check and process CRL issuer entry in IDP extension.

     This work was sponsored by Google.
     [Steve Henson]

  *) Add support for distinct certificate and CRL paths. The CRL issuer
     certificate is validated separately in this case. Only enabled if
     an extended CRL support flag is set: this flag will enable additional
     CRL functionality in future.

     This work was sponsored by Google.
     [Steve Henson]

  *) Add support for policy mappings extension.

     This work was sponsored by Google.
     [Steve Henson]

  *) Fixes to pathlength constraint, self issued certificate handling, and
     policy processing to align with RFC3280 and PKITS tests.

     This work was sponsored by Google.
     [Steve Henson]

  *) Support for name constraints certificate extension. DN, email, DNS
     and URI types are currently supported.

     This work was sponsored by Google.
     [Steve Henson]

  *) To cater for systems that provide a pointer-based thread ID rather
     than numeric, deprecate the current numeric thread ID mechanism and
     replace it with a structure and associated callback type. This
     mechanism allows a numeric "hash" to be extracted from a thread ID in
     either case, and on platforms where pointers are larger than 'long',
     mixing is done to help ensure the numeric 'hash' is usable even if it
     can't be guaranteed unique. The default mechanism is to use "&errno"
     as a pointer-based thread ID to distinguish between threads.

     Applications that want to provide their own thread IDs should now use
     CRYPTO_THREADID_set_callback() to register a callback that will call
     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().

     Note that ERR_remove_state() is now deprecated, because it is tied
     to the assumption that thread IDs are numeric. ERR_remove_state(0)
     to free the current thread's error state should be replaced by
     ERR_remove_thread_state(NULL).

     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
     application was previously providing a numeric thread callback that
     was inappropriate for distinguishing threads, then uniqueness might
     have been obtained with &errno that happened immediately in the
     intermediate development versions of OpenSSL; this is no longer the
     case: the numeric thread callback will now override the automatic use
     of &errno.)
     [Geoff Thorpe, with help from Bodo Moeller]

  *) Initial support for different CRL issuing certificates. This covers a
     simple case where the self issued certificates in the chain exist and
     the real CRL issuer is higher in the existing chain.

     This work was sponsored by Google.
     [Steve Henson]

  *) Removed effectively defunct crypto/store from the build.
     [Ben Laurie]

  *) Revamp of STACK to provide stronger type-checking. Still to come:
     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
     ASN1_STRING, CONF_VALUE.
     [Ben Laurie]

  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
     RAM on SSL connections. This option can save about 34k per idle SSL.
     [Nick Mathewson]

  *) Revamp of LHASH to provide stronger type-checking. Still to come:
     STACK, TXT_DB, bsearch, qsort.
     [Ben Laurie]

  *) Initial support for Cryptographic Message Syntax (aka CMS) based
     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
     support for data, signedData, compressedData, digestedData and
     encryptedData, envelopedData types included. Scripts to check against
     RFC4134 examples draft and interop and consistency checks of many
     content types and variants.
     [Steve Henson]

  *) Add options to enc utility to support use of zlib compression BIO.
     [Steve Henson]

  *) Extend mk1mf to support importing of options and assembly language
     files from Configure script, currently only included in VC-WIN32.
     The assembly language rules can now optionally generate the source
     files from the associated perl scripts.
     [Steve Henson]

  *) Implement remaining functionality needed to support GOST ciphersuites.
     Interop testing has been performed using CryptoPro implementations.
     [Victor B. Wagner <vitus@cryptocom.ru>]

  *) s390x assembler pack.
     [Andy Polyakov]

  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
     "family."
     [Andy Polyakov]

  *) Implement Opaque PRF Input TLS extension as specified in
     draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an
     official specification yet and no extension type assignment by
     IANA exists, this extension (for now) will have to be explicitly
     enabled when building OpenSSL by providing the extension number
     to use. For example, specify an option

         -DTLSEXT_TYPE_opaque_prf_input=0x9527

     to the "config" or "Configure" script to enable the extension,
     assuming extension number 0x9527 (which is a completely arbitrary
     and unofficial assignment based on the MD5 hash of the Internet
     Draft). Note that by doing so, you potentially lose
     interoperability with other TLS implementations since these might
     be using the same extension number for other purposes.

     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
     opaque PRF input value to use in the handshake. This will create
     an internal copy of the length-'len' string at 'src', and will
     return non-zero for success.

     To get more control and flexibility, provide a callback function
     by using

         SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
         SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)

     where

         int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
         void *arg;

     Callback function 'cb' will be called in handshakes, and is
     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
     Argument 'arg' is for application purposes (the value as given to
     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
     be provided to the callback function). The callback function
     has to return non-zero to report success: usually 1 to use opaque
     PRF input just if possible, or 2 to enforce use of the opaque PRF
     input. In the latter case, the library will abort the handshake
     if opaque PRF input is not successfully negotiated.

     Arguments 'peerinput' and 'len' given to the callback function
     will always be NULL and 0 in the case of a client. A server will
     see the client's opaque PRF input through these variables if
     available (NULL and 0 otherwise). Note that if the server
     provides an opaque PRF input, the length must be the same as the
     length of the client's opaque PRF input.

     Note that the callback function will only be called when creating
     a new session (session resumption can resume whatever was
     previously negotiated), and will not be called in SSL 2.0
     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
     for applications that need to enforce opaque PRF input.

     [Bodo Moeller]

  *) Update ssl code to support digests other than SHA1+MD5 for handshake
     MAC.

     [Victor B. Wagner <vitus@cryptocom.ru>]

  *) Add RFC4507 support to OpenSSL. This includes the corrections in
     RFC4507bis. The encrypted ticket format is an encrypted encoded
     SSL_SESSION structure; that way new session features are automatically
     supported.

     If a client application caches sessions in an SSL_SESSION structure,
     support is transparent because tickets are now stored in the encoded
     SSL_SESSION.

     The SSL_CTX structure automatically generates keys for ticket
     protection in servers, so again support should be possible
     with no application modification.

     If a client or server wishes to disable RFC4507 support then the option
     SSL_OP_NO_TICKET can be set.

     Add a TLS extension debugging callback to allow the contents of any client
     or server extensions to be examined.

     This work was sponsored by Google.
     [Steve Henson]

  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
     OpenSSL should now compile cleanly on gcc 4.2.
     [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]

  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
     support including streaming MAC support: this is required for GOST
     ciphersuite support.
     [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]

  *) Add option -stream to use PKCS#7 streaming in smime utility. New
     functions i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
     to output in BER and PEM format.
     [Steve Henson]

  *) Experimental support for use of HMAC via EVP_PKEY interface. This
     allows HMAC to be handled via the EVP_DigestSign*() interface. The
     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
     ENGINE support for HMAC keys which are unextractable. New -mac and
     -macopt options to dgst utility.
     [Steve Henson]

  *) New option -sigopt to dgst utility. Update dgst to use
     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
     alternative signing parameters such as X9.31 or PSS in the dgst
     utility.
     [Steve Henson]

  *) Change ssl_cipher_apply_rule(), the internal function that does
     the work each time a ciphersuite string requests enabling
     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar"), or
     removing ("!foo+bar") a class of ciphersuites: Now it maintains
     the order of disabled ciphersuites such that those ciphersuites
     that most recently went from enabled to disabled not only stay
     in order with respect to each other, but also have higher priority
     than other disabled ciphersuites the next time ciphersuites are
     enabled again.

     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
     the same ciphersuites as with "HIGH" alone, but in a specific
     order where the PSK ciphersuites come first (since they are the
     most recently disabled ciphersuites when "HIGH" is parsed).

     Also, change ssl_create_cipher_list() (using this new
     functionality) such that between otherwise identical
     ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
     the default order.
     [Bodo Moeller]
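
     The rule-ordering behaviour described in this entry, as an added example
     that is not OpenSSL's own code: a small C model of the four rule kinds
     over a constructed five-entry ciphersuite table with a handful of alias
     names (HIGH, MEDIUM, PSK, RSA, ALL). Enabling ("foo") appends matching
     inactive suites to the tail of the list, "+foo" moves matching active
     suites to the tail, "-foo" moves matching active suites to the HEAD of
     the list and marks them inactive (which is exactly what gives the most
     recently disabled suites priority at the next enable), and "!foo" drops
     them for good. The cipher names, alias set, table order and function
     names are the example's own; the "foo+bar" intersection syntax is not
     modelled.

```c
#include <stdio.h>
#include <string.h>

/* Alias bits a ciphersuite can match: a constructed toy subset of the
 * OpenSSL alias set, enough to exercise the ordering rules. */
enum { AL_HIGH = 1, AL_MEDIUM = 2, AL_PSK = 4, AL_RSA = 8, AL_ALL = 16 };

struct cipher { const char *name; unsigned flags; int active; };

/* Constructed ciphersuite table in its initial (pre-rule) list order. */
static const struct cipher table[] = {
    { "AES256-SHA",         AL_ALL | AL_HIGH   | AL_RSA, 0 },
    { "PSK-AES256-CBC-SHA", AL_ALL | AL_HIGH   | AL_PSK, 0 },
    { "DES-CBC3-SHA",       AL_ALL | AL_HIGH   | AL_RSA, 0 },
    { "PSK-RC4-SHA",        AL_ALL | AL_MEDIUM | AL_PSK, 0 },
    { "RC4-SHA",            AL_ALL | AL_MEDIUM | AL_RSA, 0 },
};
#define NCIPHERS (sizeof table / sizeof table[0])

enum rule { RULE_ADD, RULE_ORD, RULE_DEL, RULE_KILL };

static unsigned alias_bits(const char *name)
{
    static const struct { const char *n; unsigned b; } a[] = {
        { "HIGH", AL_HIGH }, { "MEDIUM", AL_MEDIUM }, { "PSK", AL_PSK },
        { "RSA", AL_RSA }, { "ALL", AL_ALL },
    };
    size_t i;
    for (i = 0; i < sizeof a / sizeof a[0]; i++)
        if (strcmp(a[i].n, name) == 0)
            return a[i].b;
    return 0;
}

/* Apply one rule to the ordered list l[0..*n). Matching entries are pulled
 * out in list order and re-attached as a group: at the tail for enable and
 * move, at the head for disable (so the most recently disabled suites are
 * the first ones a later enable rule picks up), or dropped for kill. */
static void apply_rule(struct cipher *l, size_t *n, unsigned alias, enum rule rule)
{
    struct cipher kept[NCIPHERS], moved[NCIPHERS];
    size_t nk = 0, nm = 0, i;

    for (i = 0; i < *n; i++) {
        int match = (l[i].flags & alias) != 0, take = 0;
        switch (rule) {
        case RULE_ADD:  take = match && !l[i].active; if (take) l[i].active = 1; break;
        case RULE_ORD:  take = match && l[i].active; break;
        case RULE_DEL:  take = match && l[i].active; if (take) l[i].active = 0; break;
        case RULE_KILL: if (match) continue; break;
        }
        if (take) moved[nm++] = l[i]; else kept[nk++] = l[i];
    }
    if (rule == RULE_DEL) {
        memcpy(l, moved, nm * sizeof *l);
        memcpy(l + nm, kept, nk * sizeof *l);
    } else {
        memcpy(l, kept, nk * sizeof *l);
        memcpy(l + nk, moved, nm * sizeof *l);
    }
    *n = nk + nm;
}

/* Run a colon separated rule string against a fresh copy of the table and
 * write the active suites, colon separated, into out. Returns out, or NULL
 * on an unknown alias. */
static const char *cipher_list(const char *rules, char *out, size_t outlen)
{
    struct cipher l[NCIPHERS];
    size_t n = NCIPHERS, i;
    char buf[128], *tok;

    memcpy(l, table, sizeof table);
    strncpy(buf, rules, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    out[0] = '\0';

    for (tok = strtok(buf, ":"); tok != NULL; tok = strtok(NULL, ":")) {
        enum rule r = RULE_ADD;
        unsigned bits;
        if (*tok == '+')      { r = RULE_ORD;  tok++; }
        else if (*tok == '-') { r = RULE_DEL;  tok++; }
        else if (*tok == '!') { r = RULE_KILL; tok++; }
        bits = alias_bits(tok);
        if (bits == 0)
            return NULL;
        apply_rule(l, &n, bits, r);
    }
    for (i = 0; i < n; i++) {
        if (!l[i].active)
            continue;
        if (out[0] != '\0')
            strncat(out, ":", outlen - strlen(out) - 1);
        strncat(out, l[i].name, outlen - strlen(out) - 1);
    }
    return out;
}

int main(void)
{
    char buf[256];
    printf("HIGH           -> %s\n", cipher_list("HIGH", buf, sizeof buf));
    printf("PSK:-PSK:HIGH  -> %s\n", cipher_list("PSK:-PSK:HIGH", buf, sizeof buf));
    printf("ALL:-HIGH:HIGH -> %s\n", cipher_list("ALL:-HIGH:HIGH", buf, sizeof buf));
    return 0;
}
```

     With this table "HIGH" alone yields AES256-SHA:PSK-AES256-CBC-SHA:DES-CBC3-SHA,
     while "PSK:-PSK:HIGH" yields PSK-AES256-CBC-SHA:AES256-SHA:DES-CBC3-SHA,
     the same set with the PSK suite first, as the entry describes. Walking
     the list forward and re-attaching the matched group in one piece is
     equivalent to the reverse walk with head insertion that a linked-list
     implementation needs to keep the disabled suites in order.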

  *) Change ssl_create_cipher_list() so that it automatically
     arranges the ciphersuites in reasonable order before starting
     to process the rule string. Thus, the definition for "DEFAULT"
     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
     This makes it much easier to arrive at a reasonable default order
     in applications for which anonymous ciphers are OK (meaning
     that you can't actually use DEFAULT).
     [Bodo Moeller; suggested by Victor Duchovni]

  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
     processing) into multiple integers instead of setting
     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
     (These masks as well as the individual bit definitions are hidden
     away into the non-exported interface ssl/ssl_locl.h, so this
     change to the definition of the SSL_CIPHER structure shouldn't
     affect applications.) This gives us more bits for each of these
     categories, so there is no longer a need to coagulate AES128 and
     AES256 into a single algorithm bit, and to coagulate Camellia128
     and Camellia256 into a single algorithm bit, which has led to all
     kinds of kludges.

     Thus, among other things, the kludge introduced in 0.9.7m and
     0.9.8e for masking out AES256 independently of AES128 or masking
     out Camellia256 independently of AES256 is not needed here in 0.9.9.

     With the change, we also introduce new ciphersuite aliases that
     so far were missing: "AES128", "AES256", "CAMELLIA128", and
     "CAMELLIA256".
     [Bodo Moeller]

  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
     Use the leftmost N bytes of the signature input if the input is
     larger than the prime q (with N being the size in bytes of q).
     [Nils Larsch]

  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
     it yet and it is largely untested.
     [Steve Henson]

  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
     [Nils Larsch]

  *) Initial incomplete changes to avoid need for function casts in OpenSSL:
     some compilers (gcc 4.2 and later) reject their use. Safestack is
     reimplemented. Update ASN1 to avoid use of legacy functions.
     [Steve Henson]

  *) Win32/64 targets are linked with Winsock2.
     [Andy Polyakov]

  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
     to external functions. This can be used to increase CRL handling
     efficiency especially when CRLs are very large by (for example) storing
     the CRL revoked certificates in a database.
     [Steve Henson]

  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
     new CRLs added to a directory can be used. New command line option
     -verify_return_error to s_client and s_server. This causes real errors
     to be returned by the verify callback instead of carrying on no matter
     what. This reflects the way a "real world" verify callback would behave.
     [Steve Henson]

  *) GOST engine, supporting several GOST algorithms and public key formats.
     Kindly donated by Cryptocom.
     [Cryptocom]

  *) Partial support for Issuing Distribution Point CRL extension. CRLs
     partitioned by DP are handled but no indirect CRL or reason partitioning
     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
     selected via a scoring technique which handles IDP and AKID in CRLs.
     [Steve Henson]

  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
     will ultimately be used for all verify operations: this will remove the
     X509_STORE dependency on certificate verification and allow alternative
     lookup methods. X509_STORE based implementations of these two callbacks.
     [Steve Henson]

  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
     Modify get_crl() to find a valid (unexpired) CRL if possible.
     [Steve Henson]

  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
     this would be called X509_CRL_cmp() but that name is already used by
     a function that just compares CRL issuer names. Cache several CRL
     extensions in X509_CRL structure and cache CRLDP in X509.
     [Steve Henson]

  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name):
     this maps equivalent X509_NAME structures into a consistent structure.
     Name comparison can then be performed rapidly using memcmp().
     [Steve Henson]
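
     What a canonical representation buys you, as an added example that is
     not OpenSSL's X509_NAME canonical encoder (which works on the DER
     encoding and the RFC 5280 string-preparation rules): a simplified C
     model that lower-cases ASCII, trims and collapses whitespace in each
     attribute value, joins the type=value pairs in order, and then compares
     two whole names with a single length check and memcmp(). The rdn
     structure, the attribute labels, the function names and the sample
     issuer names are all constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* One attribute of a distinguished name: type label and string value
 * (constructed model; a real X509_NAME carries OIDs and typed strings). */
struct rdn { const char *type; const char *value; };

/* Normalise one attribute value: drop leading/trailing whitespace, collapse
 * inner whitespace runs to a single space, lower-case ASCII. Returns the
 * number of bytes written (excluding the NUL), or -1 if out is too small. */
static int canon_value(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    int pending = 0;
    const char *p = in;

    while (*p != '\0' && isspace((unsigned char)*p))
        p++;
    for (; *p != '\0'; p++) {
        if (isspace((unsigned char)*p)) {
            pending = 1;   /* emit one space, and only if a non-space follows */
            continue;
        }
        if (o + 1 + pending >= outlen)
            return -1;
        if (pending) {
            out[o++] = ' ';
            pending = 0;
        }
        out[o++] = (char)tolower((unsigned char)*p);
    }
    out[o] = '\0';
    return (int)o;
}

/* Canonical form of a whole name: "type=value" pairs joined by '/' in
 * attribute order. Returns the length, or -1 on overflow. */
static int canon_name(const struct rdn *name, size_t n, char *out, size_t outlen)
{
    size_t o = 0, i;
    for (i = 0; i < n; i++) {
        size_t tl = strlen(name[i].type);
        int vl;
        if (o + tl + 2 >= outlen)
            return -1;
        if (i > 0)
            out[o++] = '/';
        memcpy(out + o, name[i].type, tl);
        o += tl;
        out[o++] = '=';
        vl = canon_value(name[i].value, out + o, outlen - o);
        if (vl < 0)
            return -1;
        o += (size_t)vl;
    }
    out[o] = '\0';
    return (int)o;
}

/* Two names are equivalent exactly when their canonical forms are
 * byte-identical: compare lengths, then one memcmp(), no per-attribute
 * logic at comparison time. */
static int names_equal(const struct rdn *a, size_t na, const struct rdn *b, size_t nb)
{
    char ca[256], cb[256];
    int la = canon_name(a, na, ca, sizeof ca);
    int lb = canon_name(b, nb, cb, sizeof cb);
    if (la < 0 || lb < 0 || la != lb)
        return 0;
    return memcmp(ca, cb, (size_t)la) == 0;
}

int main(void)
{
    /* constructed sample: the same issuer written two different ways */
    const struct rdn issuer1[] = { { "C", "US" }, { "O", "Example  Corp" }, { "CN", "Example Root CA" } };
    const struct rdn issuer2[] = { { "C", "us" }, { "O", "  example corp " }, { "CN", "EXAMPLE ROOT CA" } };
    const struct rdn other[]   = { { "C", "US" }, { "O", "Example Corp" },   { "CN", "Example Root CA 2" } };
    char buf[256];

    canon_name(issuer1, 3, buf, sizeof buf);
    printf("canonical: %s\n", buf);
    printf("issuer1 == issuer2: %d\n", names_equal(issuer1, 3, issuer2, 3));
    printf("issuer1 == other:   %d\n", names_equal(issuer1, 3, other, 3));
    return 0;
}
```

     The point of the design is where the cost lands: normalisation is paid
     once, when the name is first seen, and every later lookup (CRL issuer
     matching, chain building) is a flat byte comparison. A naive
     byte-for-byte comparison of the raw values would treat issuer1 and
     issuer2 above as different CAs and fail to find the CRL.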

  *) Non-blocking OCSP request processing. Add -timeout option to ocsp
     utility.
     [Steve Henson]

  *) Allow digests to supply their own micalg string for S/MIME type using
     the ctrl EVP_MD_CTRL_MICALG.
     [Steve Henson]

  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
     ctrl. It can then customise the structure before and/or after signing
     if necessary.
     [Steve Henson]

  *) New function OBJ_add_sigid() to allow application defined signature OIDs
     to be added to OpenSSL's internal tables. New function OBJ_sigid_free()
     to free up any added signature OIDs.
     [Steve Henson]

  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
     digest and cipher tables. New options added to openssl utility:
     list-message-digest-algorithms and list-cipher-algorithms.
     [Steve Henson]

  *) Change the array representation of binary polynomials: the list
     of degrees of non-zero coefficients is now terminated with -1.
     Previously it was terminated with 0, which was also part of the
     value; thus, the array representation was not applicable to
     polynomials where t^0 has coefficient zero. This change makes
     the array representation useful in a more general context.
     [Douglas Stebila]
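
     The representation change above, as an added illustration that is
     example code rather than the OpenSSL implementation: both conventions
     side by side, the conversion of a -1 terminated degree list to and from
     a bit vector (bit i is the coefficient of t^i), and a small GF(2^m)
     multiply to show the bit-vector form in use. With the old 0 terminated
     convention t^4 + t simply cannot be written, because the terminating 0
     is read as the constant term. All function names are the example's own,
     and the polynomials are kept small enough to fit in an unsigned long.

```c
#include <stdio.h>

/* New convention: degrees of the non-zero coefficients, highest first,
 * terminated by -1. Bit i of *out is the coefficient of t^i. Returns -1 if
 * a degree is negative or does not fit in an unsigned long. */
static int poly_from_degrees(const int *degrees, unsigned long *out)
{
    unsigned long bits = 0;
    int i;
    for (i = 0; degrees[i] != -1; i++) {
        if (degrees[i] < 0 || degrees[i] >= (int)(8 * sizeof bits))
            return -1;
        bits |= 1UL << degrees[i];
    }
    *out = bits;
    return 0;
}

/* Old convention: the list ended with 0, and that 0 was itself the degree
 * of the constant term, so every polynomial encoded this way has t^0 with
 * coefficient one. */
static unsigned long poly_from_degrees_old(const int *degrees)
{
    unsigned long bits = 1UL;   /* the terminating 0 is also t^0 */
    int i;
    for (i = 0; degrees[i] != 0; i++)
        bits |= 1UL << degrees[i];
    return bits;
}

/* Inverse of poly_from_degrees: fill out[] highest degree first and append
 * the -1 terminator. Returns the number of degrees written, or -1 if out
 * cannot hold them plus the terminator. */
static int poly_to_degrees(unsigned long bits, int *out, int max)
{
    int n = 0, d;
    for (d = (int)(8 * sizeof bits) - 1; d >= 0; d--) {
        if (!((bits >> d) & 1UL))
            continue;
        if (n + 1 >= max)
            return -1;
        out[n++] = d;
    }
    out[n] = -1;
    return n;
}

/* Multiply a and b in GF(2^degree) with reduction polynomial mod, given as
 * a bit vector: shift-and-add, reducing whenever the t^degree bit appears. */
static unsigned long gf2_mulmod(unsigned long a, unsigned long b,
                                unsigned long mod, int degree)
{
    unsigned long r = 0;
    while (b) {
        if (b & 1UL)
            r ^= a;
        b >>= 1;
        a <<= 1;
        if (a & (1UL << degree))
            a ^= mod;
    }
    return r;
}

int main(void)
{
    static const int new_form[] = { 4, 1, -1 };    /* t^4 + t, new convention */
    static const int old_form[] = { 4, 1, 0 };     /* t^4 + t + 1, old convention */
    unsigned long p = 0, q;
    int degs[8], n;

    poly_from_degrees(new_form, &p);
    q = poly_from_degrees_old(old_form);
    printf("t^4+t   -> 0x%lx\n", p);
    printf("t^4+t+1 -> 0x%lx\n", q);
    n = poly_to_degrees(q, degs, 8);
    printf("%d degrees back, highest %d\n", n, degs[0]);
    /* arithmetic in GF(2^4) with the irreducible t^4 + t + 1 */
    printf("t^3 * t mod (t^4+t+1) = 0x%lx\n", gf2_mulmod(8, 2, q, 4));
    return 0;
}
```

     The degree list is the natural way to write down the trinomials and
     pentanomials used as field polynomials for binary curves, where the
     constant term is always present; the new terminator costs nothing there
     and removes the restriction everywhere else.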

  *) Various modifications and fixes to SSL/TLS cipher string
     handling. For ECC, the code now distinguishes between fixed ECDH
     with RSA certificates on the one hand and with ECDSA certificates
     on the other hand, since these are separate ciphersuites. The
     unused code for Fortezza ciphersuites has been removed.

     For consistency with EDH, ephemeral ECDH is now called "EECDH"
     (not "ECDHE"). For consistency with the code for DH
     certificates, use of ECDH certificates is now considered ECDH
     authentication, not RSA or ECDSA authentication (the latter is
     merely the CA's signing algorithm and not actively used in the
     protocol).

     The temporary ciphersuite alias "ECCdraft" is no longer
     available, and ECC ciphersuites are no longer excluded from "ALL"
     and "DEFAULT". The following aliases now exist for RFC 4492
     ciphersuites, most of these by analogy with the DH case:

         kECDHr - ECDH cert, signed with RSA
         kECDHe - ECDH cert, signed with ECDSA
         kECDH  - ECDH cert (signed with either RSA or ECDSA)
         kEECDH - ephemeral ECDH
         ECDH   - ECDH cert or ephemeral ECDH

         aECDH  - ECDH cert
         aECDSA - ECDSA cert
         ECDSA  - ECDSA cert

         AECDH  - anonymous ECDH
         EECDH  - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")

     [Bodo Moeller]

  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
     Use correct micalg parameters depending on digest(s) in signed message.
     [Steve Henson]

  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
     [Steve Henson]

  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
     an engine to register a method. Add ENGINE lookups for methods and
     functional reference processing.
     [Steve Henson]

  *) New functions EVP_Digest{Sign,Verify}*. These are enhanced versions of
     EVP_{Sign,Verify}* which allow an application to customise the signature
     process.
     [Steve Henson]

  *) New -resign option to smime utility. This adds one or more signers
     to an existing PKCS#7 signedData structure. Also -md option to use an
     alternative message digest algorithm for signing.
     [Steve Henson]

  *) Tidy up PKCS#7 routines and add new functions to make it easier to
     create PKCS7 structures containing multiple signers. Update smime
     application to support multiple signers.
     [Steve Henson]

  *) New -macalg option to pkcs12 utility to allow setting of an alternative
     digest MAC.
     [Steve Henson]

  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
     Reorganize PBE internals to lookup from a static table using NIDs,
     add support for HMAC PBE OID translation. Add an EVP_CIPHER ctrl,
     EVP_CTRL_PBE_PRF_NID: this allows a cipher to specify an alternative
     PRF which will be automatically used with PBES2.
     [Steve Henson]

  *) Replace the algorithm specific calls to generate keys in "req" with the
     new API.
     [Steve Henson]

  *) Update PKCS#7 enveloped data routines to use new API. This is now
     supported by any public key method supporting the encrypt operation. A
     ctrl is added to allow the public key algorithm to examine or modify
     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
     a no-op.
     [Steve Henson]

  *) Add a ctrl to asn1 method to allow a public key algorithm to express
     a default digest type to use. In most cases this will be SHA1 but some
     algorithms (such as GOST) need to specify an alternative digest. The
     return value indicates how strong the preference is: 1 means optional and
     2 is mandatory (that is, it is the only supported type). Modify
     ASN1_item_sign() to accept a NULL digest argument to indicate it should
     use the default md. Update openssl utilities to use the default digest
     type for signing if it is not explicitly indicated.
     [Steve Henson]

  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
     signing method from the key type. This effectively removes the link
     between digests and public key types.
     [Steve Henson]

  *) Add an OID cross reference table and utility functions. Its purpose is to
     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
     rsaEncryption. This will allow some of the algorithm specific hackery
     needed to use the correct OID to be removed.
     [Steve Henson]

  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
     structures for PKCS7_sign(). They are now set up by the relevant public
     key ASN1 method.
     [Steve Henson]

  *) Add provisional EC pkey method with support for ECDSA and ECDH.
     [Steve Henson]

  *) Add support for key derivation (agreement) in the API, DH method and
     pkeyutl.
     [Steve Henson]

  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
     public and private key formats. As a side effect these add additional
     command line functionality not previously available: DSA signatures can be
     generated and verified using pkeyutl and DH key support and generation in
     pkey, genpkey.
     [Steve Henson]

  *) BeOS support.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New make target "install_html_docs" installs HTML renditions of the
     manual pages.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New utility "genpkey": this is analogous to "genrsa" etc. except it can
     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
     support key and parameter generation and add initial key generation
     functionality for RSA.
     [Steve Henson]

  *) Add functions for main EVP_PKEY_method operations. The undocumented
     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
     EVP_PKEY_{encrypt,decrypt}_old.
     [Steve Henson]

  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
     key API; it doesn't do much yet.
     [Steve Henson]

  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
     public key algorithms. New option to openssl utility:
     "list-public-key-algorithms" to print out info.
     [Steve Henson]

  *) Implement the Supported Elliptic Curves Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
     [Steve Henson]

  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
     utilities such as rsa, dsa, dsaparam etc. except they process any key
     type.
     [Steve Henson]

  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
     structure.
     [Steve Henson]

  *) Initial support for pluggable public key ASN1.
     De-spaghettify the public key ASN1 handling. Move public and private
     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
     algorithm specific handling to a single module within the relevant
     algorithm directory. Add functions to allow (near) opaque processing
     of public and private key structures.
     [Steve Henson]

  *) Implement the Supported Point Formats Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
     for the psk identity [hint] and the psk callback functions to the
     SSL_SESSION, SSL and SSL_CTX structure.

     New ciphersuites:
         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
         PSK-AES256-CBC-SHA

     New functions:
         SSL_CTX_use_psk_identity_hint
         SSL_get_psk_identity_hint
         SSL_get_psk_identity
         SSL_use_psk_identity_hint

     [Mika Kousa and Pasi Eronen of Nokia Corporation]

  *) Add RFC 3161 compliant time stamp request creation, response generation
     and response verification functionality.